<?php
/*
 * Created on Feb 10, 2005
 *
 * Author Eric Weinert
 * drakew@gmail.com
 * 
 */

require_once ($DOCUMENT_ROOT . '/includes/functions.php');

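session_start ();

/*
 * Records a logged-in user's vote on a review, then links back to the
 * review's teacher page and to the main list.
 *
 * Input:  $_SESSION['valid_user'] (user name), $_GET['id'] (review id),
 *         $_GET['vote'] (value stored in vote.positive).
 * Output: an HTML page built with do_header()/do_menu()/do_footer().
 *
 * Every value that reaches SQL is escaped with mysql_real_escape_string(),
 * because the request parameters are attacker-controlled and the queries
 * are assembled by string interpolation.
 *
 * NOTE(review): the mysql_* extension has no prepared statements and is gone
 * from PHP 7+. Moving db_connect() (defined outside this file) to mysqli or
 * PDO with bound parameters would be the sturdier fix.
 *
 * NOTE(review): this page changes state on a plain GET request and checks no
 * anti-forgery token, so any page the user visits can cast a vote in their
 * name. Consider requiring POST plus a per-session token.
 */
if (valid_user())
{
	$header = '<link type="text/css" rel="StyleSheet" href="css/revised.css" />';
	do_header ('Vote', $header);
	
	do_menu ();
	
	db_connect ();

	// Resolve the user id from the session name. The name is escaped too:
	// it is stored data, not a literal written in this file.
	$user = mysql_real_escape_string ((string) $_SESSION['valid_user']);
	$query = "SELECT id FROM users WHERE name='$user'";
	$result = mysql_query ($query);
	if ($result === false || mysql_num_rows ($result) === 0)
	{
		// Keep the driver's error text in the server log; echoing it to the
		// browser would disclose schema and query details.
		error_log ('vote: error getting id number: ' . mysql_error ());
		die ('error getting id number');
	}
	$userid = mysql_real_escape_string ((string) mysql_result ($result, 0));
	
	// Read the request parameters. Only plain strings are accepted, so a
	// missing key or an array such as ?id[]=1 falls back to ''.
	$id = (isset ($_GET['id']) && is_string ($_GET['id'])) ? $_GET['id'] : '';
	$vote = (isset ($_GET['vote']) && is_string ($_GET['vote'])) ? $_GET['vote'] : '';

	// Set only when the review's teacher id could be resolved.
	$teacherid = false;

	if ($id === '' || $vote === '')
	{
		echo "<p>missing review id or vote</p>";
	}
	else
	{
		$id_sql = mysql_real_escape_string ($id);
		// presumably 'positive' is a small flag such as 0/1 -- TODO confirm
		// against the schema and restrict $vote to the allowed values.
		$vote_sql = mysql_real_escape_string ($vote);

		// Check whether this user has already voted on this review.
		// NOTE(review): check-then-insert can race under concurrent requests;
		// a unique key on (id, authorID) would enforce one vote per user.
		$query = "SELECT * FROM vote WHERE id='$id_sql' AND authorID='$userid'";
		$result = mysql_query ($query);
		
		if ($result === false)
		{
			error_log ('vote: error checking existing vote: ' . mysql_error ());
			echo "<p>your vote could not be recorded</p>";
		}
		else if (mysql_num_rows($result) > 0)
		{
			echo "<p>you have already voted for this review<br>" .
					"it would not be fair to let you vote again</p>";
		}
		else
		{
			$query = "INSERT INTO vote SET id='$id_sql', 
										   authorID='$userid', 
										   positive='$vote_sql', 
										   date=CURDATE()";
			// Confirm the vote only if the INSERT actually succeeded.
			if (mysql_query ($query))
			{
				echo "<p>You have voted for this review<br />" .
						"Thank you.</p>";
			}
			else
			{
				error_log ('vote: error inserting vote: ' . mysql_error ());
				echo "<p>your vote could not be recorded</p>";
			}
		}
			
		// Resolve the teacher id so the page can link back to the review.
		$sql = "SELECT teacherID FROM reviews WHERE id='$id_sql'";
		$result = mysql_query ($sql);
		if ($result !== false && mysql_num_rows ($result) > 0)
		{
			$teacherid = mysql_result ($result, 0);
		}
	}
	
	// Links to the next location. The teacher id is URL-encoded and then
	// HTML-escaped, since it lands inside a single-quoted href attribute.
	echo "<p align='center'>";
	if ($teacherid !== false)
	{
		$teacher_href = htmlspecialchars (urlencode ((string) $teacherid), ENT_QUOTES);
		echo "<a href='read.php?id=$teacher_href'>Return to review I just viewed</a><br />";
	}
	echo "<a href='list.php'>Go to the main list</a></p>";

	do_footer ();
}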
?>
